HTML Filtering To Secure Websites With HTML Purifier
28 Feb
Secure input and data handling is hard when it comes to HTML, because user-supplied markup can carry many different kinds of malicious code (XSS).
HTML Purifier is a well-documented, standards-compliant HTML filter library written in PHP. It simply:
- Removes all malicious code (better known as XSS) with an audited, secure yet permissive whitelist.
- Makes sure your documents are standards compliant.
HTML Purifier requires PHP 5 (PHP 4 versions are no longer supported but can still be downloaded). It saves a lot of development time and offers far more expertise than most self-coded data-handling libraries, because HTML Purifier concentrates on this one area.
This open source secure data handling solution also has a comparison chart with other HTML filters.
Some community-written plugins for CMS software and WYSIWYG editors can be found on the HTML Purifier website.
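The whitelist approach described above, as an added example that is not code from the original post or from the HTML Purifier project: a small wrapper that allows only a fixed set of elements and attributes for user comments. It assumes the library's standard `HTMLPurifier.auto.php` autoloader is on the include path; the cache directory and the sample input are constructed for the example.

```php
<?php
// Added example, not from the original post or the HTML Purifier project.
// Assumes HTMLPurifier.auto.php (the library's own autoloader) is on the include path.
require_once 'HTMLPurifier.auto.php';

/**
 * Build a purifier with an explicit whitelist: only the listed elements and
 * attributes survive; everything else (script, event handlers, unknown tags,
 * disallowed URI schemes) is dropped rather than escaped.
 */
function buildCommentPurifier($cacheDir)
{
    if (!is_dir($cacheDir)) {
        mkdir($cacheDir, 0700, true);                   // definition cache; keep it outside the web root
    }
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'UTF-8');
    $config->set('HTML.Doctype', 'XHTML 1.0 Strict');   // output is made standards compliant
    $config->set('HTML.Allowed', 'p,br,b,i,em,strong,ul,ol,li,blockquote,a[href|title]');
    $config->set('URI.AllowedSchemes', array('http' => true, 'https' => true, 'mailto' => true));
    $config->set('AutoFormat.RemoveEmpty', true);
    $config->set('Cache.SerializerPath', $cacheDir);
    return new HTMLPurifier($config);
}

// Constructed sample of hostile user input (not a real submission).
$dirty = '<p onmouseover="alert(1)">Hello <b>world</b>'
       . '<script>document.cookie</script>'
       . '<a href="javascript:alert(1)">click</a> '
       . '<a href="https://example.com" target="_blank">ok</a>';

$purifier = buildCommentPurifier(sys_get_temp_dir() . '/htmlpurifier-cache');
$clean = $purifier->purify($dirty);

// The whitelist removes the onmouseover handler and the script element, strips
// the javascript: href (scheme not allowed) while keeping the link text, drops
// target= because only href and title are allowed on <a>, and closes the open <p>.
echo $clean, PHP_EOL;
```

Store the purified result, not the raw input, and run the same configuration on every output path so a second, laxer filter cannot reintroduce what this one removed.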
Requirements: PHP 5+
Website: http://htmlpurifier.org
Demo: http://htmlpurifier.org/demo.php
Download: http://htmlpurifier.org/download.html
- Tags: Data, Html, Input, Php, Security, XSS
- Filed under: Extras, LGPL License, Security
3 Responses for "HTML Filtering To Secure Websites With HTML Purifier"
The very good and yet much faster and smaller htmLawed is a good alternative to HTMLPurifier. Check it at: http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/index.php
Better solution… When developing functions to sanitise data the question is “what can they use”, not “what to filter”. All that is needed is two lines of code. However from memory PHP has many built in functions which can achieve this.